HACKED

Chuck Bowling

I don't know how, but I strongly suspect that I've been hacked.

I use a yahoo chat client called YaZak. A couple of weeks ago some a*hole
figured out how to get on my system and hack YaZak.

Now, whenever I click on either the shortcut or the file itself another
program launches along with the chat client.

For what it may be worth, before I deleted the shortcut it was launching
RssReader. Clicking directly on the executable's filename brings up the
other program; Rational's XDE installer. I have to click cancel 3 times on
the installer before YaZak loads.

I have noticed that in "My
Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache"
all three programs are listed together.

Anybody have any idea of what's going on and how I can fix it?
 
dev

Have you tried one or both of these 'intruders' sleuth utilities?

http://www.lavasoftusa.com (AdAware)
http://safer-networking.org (SpyBot)
 
Chuck Bowling

Thanks Harry, I'll give it a shot...

Harry Ohrn said:
Try HijackThis http://www.merijn.org/htlogtutorial.html Be careful with
the app though as it does not discriminate. Use the Help Forums which are
linked to from that site.

--

Harry Ohrn - MS MVP [Shell/User]
www.webtree.ca/windowsxp


 
Chuck Bowling

Isn't BlackIce a firewall? If so I doubt that it'll work. I've got a
hardware firewall and the only place the bastard could have gotten in is
thru port 80 unless YaZak has a backdoor...
 
Malke

Chuck said:
Thanks for the reply dev.

Actually I use SpyBot on a fairly regular basis but I'm not sure how
it would be connected to this particular type of problem...

If you really think you've been hacked, format the drive and clean
install Windows. It is the only way to be 100% sure your computer is
not compromised. A quick Google of YaZak brings up a lot of warez and
"crack" sites, so it isn't terribly surprising that you would have
intrusion problems after using it.

Here is a link to information about clean installing Windows:

http://michaelstevenstech.com/cleanxpinstall.html

Malke
 
-xiray-

Chuck Bowling said:
Isn't BlackIce a firewall? If so I doubt that it'll work. I've got a
hardware firewall and the only place the bastard could have gotten in is
thru port 80 unless YaZak has a backdoor...

Yes, it is a firewall, and what Trish doesn't foresee is that if
you've already been compromised then installing BlackIce will simply
create a situation where the firewall registers the rogue program as
one that you want to run. So it would be of absolutely no help.

By the way Trish... if you're tired of the way you need to manage
BlackIce when you install new programs and after your AV software is
auto-updated, then consider switching to Norton AV. It integrates
better with other apps and basic windows functions.
 
-xiray-

Chuck Bowling said:
Thanks Harry, I'll give it a shot...

Yes, HijackThis is a great program. It can clean things that neither
Ad-aware nor Spybot will find.

But, read how to use the program, DO NOT delete every entry that the
program finds (for example it will also show entries for your AV,
firewall and other programs that you want to run). Delete judiciously.
 
